Windows 7 and Server 2008 R2 Critical Patches

If you have any computers running Windows 7 or Server 2008 R2, heads up! The previously released patches for Meltdown actually opened up another vulnerability – much worse than what was exposed by Meltdown.

According to researcher Ulf Frisk who previously found glaring shortcomings in Apple’s FileVault disk encryption system, the early Microsoft patches left a crucial kernel memory table readable and writable for normal user processes. Or in non-technical speak, the vulnerability allows any program or application of any logged in user to manipulate the operating system and extract and modify any information in memory.

Ouch!

The regular batch of March patches from Microsoft contained a fix but Microsoft has released a subsequent special emergency fix for this issue. So if your Windows 7 and 2008 R2 machines aren’t set for performing regular updates for critical patches, you should apply that special emergency fix as soon as practical. You can download that patch here. Other versions of Windows aren’t affected.

If you’re a MicroData customer with any of our Managed Service or Security service plans, this issue has already been automatically taken care of for you.